10-Strike Network Inventory Explorer Pro Unquoted Service Path Vulnerability in Web Server Service

Vulnerability

A privilege escalation vulnerability has been identified in 10-Strike Network Inventory Explorer Pro version 9.31. The 'srvInventoryWebServer' service, which runs with LocalSystem privileges, is registered with an unquoted service path. An attacker can exploit the unquoted path by placing a malicious executable in one of the potential path segments, which leads to code execution with system-level permissions.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing attackers to execute code with system-level rights.

Reproduction

The vulnerability can be reproduced by querying the service configuration using the Windows Management Instrumentation Command-line (WMIC) tool. This will reveal the unquoted service path, which can then be exploited by placing a malicious executable in a directory that is part of the path.
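
The same configuration query, written as an audit check for defenders. This is an added example, not part of the advisory or the vendor's code; it uses Get-CimInstance in place of WMIC. The function name Get-UnquotedPathFinding and the sample service rows are constructed for illustration.

```powershell
# Added example: flag services whose executable path contains spaces but is not quoted.
# On a live host, feed real data instead of $sample, for example:
#   Get-CimInstance Win32_Service -Filter "Name='srvInventoryWebServer'" | Get-UnquotedPathFinding
#   Get-CimInstance Win32_Service | Get-UnquotedPathFinding

function Get-UnquotedPathFinding {   # hypothetical helper name
    param([Parameter(ValueFromPipeline)]$Service)
    process {
        $p = "$($Service.PathName)".Trim()
        # Nothing to check, or the path is already quoted.
        if (-not $p -or $p.StartsWith('"')) { return }
        # Split the executable (up to the first ".exe") from any trailing arguments.
        $m = [regex]::Match($p, '^(.+?\.exe)(\s.*)?$', 'IgnoreCase')
        if (-not $m.Success) { return }
        $exe = $m.Groups[1].Value
        # Only an executable path that contains a space is ambiguous.
        if (-not $exe.Contains(' ')) { return }
        [pscustomobject]@{
            Name      = $Service.Name
            StartName = $Service.StartName
            Current   = $p
            Quoted    = '"{0}"{1}' -f $exe, $m.Groups[2].Value
        }
    }
}

# Constructed sample rows (placeholder names and paths, not taken from the product).
$sample = @(
    [pscustomobject]@{ Name = 'ExampleWebSvc';  StartName = 'LocalSystem'
                       PathName = 'C:\Program Files\Example Vendor\Example App\websvc.exe' }
    [pscustomobject]@{ Name = 'ExampleQuoted';  StartName = 'LocalSystem'
                       PathName = '"C:\Program Files\Example Vendor\agent.exe" --run' }
    [pscustomobject]@{ Name = 'ExampleNoSpace'; StartName = 'NT AUTHORITY\LocalService'
                       PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# Only ExampleWebSvc is reported; the other two are quoted or contain no space.
$sample | Get-UnquotedPathFinding | Format-List
```

The Quoted column is the value the service's ImagePath under HKLM:\SYSTEM\CurrentControlSet\Services\<Name> should hold once the path is corrected.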

Added: Jan 15, 2026, 4:38 PM
Updated: Jan 15, 2026, 7:48 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 2.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.